Re: [Masq] IPPORTFW Behind MASQ

Mon, 06 Nov 2000 23:32:58 -0800 

/* HINT: Search archives @ http://www.indyramp.com/masq/ before posting! 
/* ALSO: Don't quote this header. It makes you look lame :-) */


Mark wrote:

> /* HINT: Search archives @ http://www.indyramp.com/masq/ before posting! 
> /* ALSO: Don't quote this header. It makes you look lame :-) */
> 
> 
> Hello, I am new to the list and have checked the archives in order to see if this
> question has already been asked or not, but nothing was found. 
> 
> My basic scenario is like this:
> The company I work for has 2 t1s, one is used for our ipmasq, and is getting quite
> saturated due to the tremendous growth of the company, and the other is used just by
> a few engineers. 
> 
> The traffic going out, after putting an analyzer on the masq box, is 99% web traffic,
> so I was going to set up an ipportfw on port 9000 to point to two squid cache's, one
> on the saturated t-1 and the other on the hardly-used t1 and set up the prefrence 
>level
> on ipportfw to both be the same, so it forwards to these cache servers in a 
>roundrobin
> like fasion...
> 
> Then setup an ipchains rule that redirects all traffic going anywhere to port 80 to 
>port 9000 
> (which then hits the ipportfw rule)
> 
> But the problem is, even when I set up the ipportfw rule using the internal ip and 
>when I telnet
> to it from the internal network (on port 9000) it just hangs, then times out.
> 
> Would anyone know of what I might be doing wrong here?
> 
> Thanks for any help that might be given,
> Mark

that's the old port-forwarding-doesn't-work-behind-the-masq-host-without-
michael-best's-kernel-patch problem. you're not doing anything wrong. that's
just the way the 2.2 kernel is (it's much better in 2.4). michael best wrote
a 2.2 kernel patch to make it work and it can be found at:

  http://www.com.org/~michael/masq-demasq.zip

raf

_______________________________________________
Masq maillist  -  [EMAIL PROTECTED]
Admin requests can be handled at http://www.indyramp.com/masq-list/ -- 
THIS INCLUDES UNSUBSCRIBING!
or email to [EMAIL PROTECTED]

PLEASE read the HOWTO and search the archives before posting.
You can start your search at http://www.indyramp.com/masq/
Please keep general linux/unix/pc/internet questions off the list.

Reply via email to